GitHub user albundy83 added a comment to the discussion: Airflow 3.0.2 + Helm + 
Keycloak SSO: User role changes from "Admin" to "Viewer" after login

First, roles must be created in the Keycloak client as described 
[here](https://github.com/apache/airflow/blob/4c780cc55c6f3da8cad5352bd9d6934d1f64faca/providers/fab/docs/auth-manager/api-authentication.rst?plain=1#L167)

Then, you have two solutions:
-  you assign the client role directly to users
-  or you create a group, assign the client role to the group, and assign the group to users :)

Then, pay attention to this 
[line](https://github.com/apache/airflow/blob/4c780cc55c6f3da8cad5352bd9d6934d1f64faca/providers/fab/docs/auth-manager/api-authentication.rst?plain=1#L317)

It says that roles must be found under `resource_access` -> `clientId` -> 
`roles`.

You can use the `Evaluate` function to see if the user has the correct role assigned:
<img width="1365" height="677" alt="Screenshot From 2025-07-11 08-50-20" src="https://github.com/user-attachments/assets/24312408-a334-4e73-b1bd-dde395f7bb94" />

I hope it will help you.

GitHub link: 
https://github.com/apache/airflow/discussions/53146#discussioncomment-13729506
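
One way to check the claim layout described in the comment above, as an added example that is not part of the original comment or of the Airflow project: it decodes an access token payload and reports whether a role sits under `resource_access` -> `clientId` -> `roles` or only under `realm_access`. The client id `airflow`, the function names and the sample token are assumptions constructed for illustration.

```python
import base64
import json


def decode_payload(jwt_token: str) -> dict:
    """Decode the JWT payload segment WITHOUT verifying the signature (inspection only)."""
    parts = jwt_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def client_roles(claims: dict, client_id: str) -> list:
    """Roles found under resource_access -> client_id -> roles."""
    entry = claims.get("resource_access", {}).get(client_id, {})
    return list(entry.get("roles", []))


def locate_role(claims: dict, client_id: str, role: str) -> str:
    """Report where `role` lives in the token, to explain a missing mapping."""
    if role in client_roles(claims, client_id):
        return "client"
    if role in claims.get("realm_access", {}).get("roles", []):
        return "realm-only"
    for other, entry in claims.get("resource_access", {}).items():
        if other != client_id and role in entry.get("roles", []):
            return "other-client:" + other
    return "absent"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, hypothetical helper)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])


# Constructed sample: 'Admin' was granted as a realm role, not on the 'airflow' client.
SAMPLE = make_sample_token({
    "preferred_username": "alice",
    "realm_access": {"roles": ["Admin", "offline_access"]},
    "resource_access": {"airflow": {"roles": ["Viewer"]}, "account": {"roles": ["view-profile"]}},
})

if __name__ == "__main__":
    claims = decode_payload(SAMPLE)
    print(client_roles(claims, "airflow"), locate_role(claims, "airflow", "Admin"))
```
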
